Forum Discussion
One employee prefers Google
Hello everyone,
I am facing a dilemma. One employee seems to insist on using Google Docs for their work, and I am concerned about the security of company documents being stored in a location that we cannot administratively secure and the legal ramifications that I *think* come with it.
Unfortunately, I am not receiving much support from management on this issue. People are struggling to see the importance of it or the risk, or I'm simply wrong.
However, we have multiple data security agreements
I am not fulfilling our legal agreements if I am unaware of what documents are being stored off-site or have no control over their multi-factor authentication as just one other example, which our agreements require.
When I expressed my concerns, I received pushback, with some suggesting that we do not know if anything sensitive is being stored there. However, this is precisely the issue at hand?
There are also practical concerns, such as requiring everyone who works with this colleague to use Google Docs to view and edit documents. However, my primary focus is on security, which I am not an expert in.
Do any of you have suggestions on how to address this issue? I appreciate any advice or insights you may have.
I should add they are signing in with their ms work account - and I see we have a google workspace enterprise app(setup long before me). Some users are already in but going forward I disabled further access putting it behind a admin request. Hopefully this is helpful context
You can refer this link on more insight:
https://www.stanfieldit.com/benefits-of-switching-from-google-workspace-to-microsoft-365/
- It would be best if you emphasized the risks of the shadow IT approach (i.e., storing corporate data in an uncontrolled environment). For example, if the person who uses Google Docs happens to store sensitive information and that information is somehow leaked, then who is responsible for that leak? The company is ultimately responsible for that leak.
You will need an upper management role to champion this vast undertaking. The company's CIO/CTO/CSO should be informed of this risk.
Take a look at the following links:
https://www.checkpoint.com/cyber-hub/cyber-security/what-is-cybersecurity/what-is-shadow-it/#:~:text=Shadow%20IT%20is%20a%20risk%20in%20any%20organization,protecting%20corporate%20data%20against%20unauthorized%20access%20and%20disclosure.
https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb
Also, see if you're qualified for the MS FastTrack program. Microsoft may provide some resources to help you with your security journey - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/.
Good luck! Hey EvilTwinky100
That is a valid concern you have about security however you need to tackle it from a broader perspective. I see some other people have already posted some great information but I'll add my personal touch to my reply.
The first thing you need to understand is why they prefer Google Docs for some insights. As Admin you need to put yourself into the user's shoes and think why do I prefer this?- Did they never really use the MS 365 suite?
- Do they think the UI and functions are complicated or overwhelming?
- Is it just a preference/opinion?
When one of these answers is yes, you might need to organize some training moments to make sure they are comfortable using the M365 suite and show them the benefits and collaboration possibilities. This link can be useful: Microsoft 365 Training
The second thing is as you mentioned security, This way of working is not that secure and makes it really hard to keep track of all the data that is flowing around in the company. As Tristan999 said you best inform management of this issue and educate them on the possible risks and possible legal results. Make sure they understand the importance of data governance and compliance.
The best thing you can do is flag it, if they don't care they don't however you raised this issue and you have it on paper that you did the best you could.
Hope my take assists in understanding the situation and hopefully you can sort out this issue!
